evas fb dev env var - allow in setuid processes with sanitizing

this allows only /dev/fb[0-0] or /dev/fb/something where somthing does
not begin with a . - thus no way to break out of the fb subdir... so
it should be ok... this keeps setuid safety and allows this env var to
work now as intended in this situation.

src/lib/ecore_fb/ecore_fb.c

@@ -120,16 +120,16 @@ _ecore_fb_size_get(const char *name, int *w, int *h)
 {
    struct fb_var_screeninfo fb_var;
    int fb;
+   const char *s;
 
-   if (
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-       (getuid() == geteuid()) &&
-#endif
-       (getenv("EVAS_FB_DEV")))
+   if ((s = getenv("EVAS_FB_DEV")) &&
+       (((!strncmp(s, "/dev/fb", 7)) &&
+         ((s[7] >= '0' && s[7] <= '9') || (s[7] == 0))) ||
+           ((!strncmp(s, "/dev/fb/", 8)) && (s[8] != '.'))))
      {
-        fb = open(getenv("EVAS_FB_DEV"), O_RDWR);
+        fb = open(s, O_RDWR);
         if (fb < 0)
-          fprintf(stderr, "[ecore_fb] error opening $EVAS_FB_DEV=%s: %s\n", getenv("EVAS_FB_DEV"), strerror(errno));
+          fprintf(stderr, "[ecore_fb] error opening $EVAS_FB_DEV=%s: %s\n", s, strerror(errno));
      }
    else
      {

src/modules/evas/engines/fb/evas_fb_main.c

@@ -766,7 +766,7 @@ void
 fb_init(int vt EINA_UNUSED, int device)
 {
    char dev[PATH_MAX];
-   
+   const char *s;
 
    DBG("device=%d, $EVAS_FB_DEV=%s", device, getenv("EVAS_FB_DEV"));
    tty = -1;
@@ -774,13 +774,12 @@ fb_init(int vt EINA_UNUSED, int device)
    if (vt != 0) fb_setvt(vt);
 #endif
 
-   if (
-#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
-       (getuid() == geteuid()) &&
-#endif
-       (getenv("EVAS_FB_DEV")))
+   if ((s = getenv("EVAS_FB_DEV")) &&
+       (((!strncmp(s, "/dev/fb", 7)) &&
+         ((s[7] >= '0' && s[7] <= '9') || (s[7] == 0))) ||
+           ((!strncmp(s, "/dev/fb/", 8)) && (s[8] != '.'))))
      {
-        eina_strlcpy(dev, getenv("EVAS_FB_DEV"), sizeof(dev));
+        eina_strlcpy(dev, s, sizeof(dev));
         fb = open(dev, O_RDWR);
      }
    else